Safeguard your organization and customers from new account fraud.
New account fraud continues to be a growing concern, with recent statistics revealing an alarming trend. In 2022, the number of reported new account bank fraud cases rose to nearly 111,000, a significant increase from 84,000 in 2021. According to the Department of Labor, businesses suffered $163 billion in losses due to account opening fraud.
The rise of this insidious and difficult-to-detect form of fraud poses a challenge for banks and businesses alike. Effectively addressing new account fraud calls for a comprehensive approach that combines advanced technology with a deep understanding of how this type of fraud works.
Let’s explore the intricacies of new account fraud and how industry-leading solutions, such as Fraud.net, can play a pivotal role in its detection and prevention.
What is new account fraud?
New account fraud occurs when an individual opens a new account using a false identity. The perpetrator then gains access to credit, which they can use to make fraudulent purchases or launder money.
Virtually any company that relies on account credentials for customer transactions or service access can be targeted by new account fraud. Financial institutions, online banks, and e-commerce platforms are particularly vulnerable to such attacks. Typically, criminals focus on high-end products or high-risk financial institutions where the payout is bigger.
How often does new account fraud happen?
New account fraud can be difficult to spot, resulting in conservative estimates of its occurrence. However, credit card new account fraud emerged as the most prevalent form of identity theft in 2022, up 13% from 2021. Cybersecurity analysts state as much as 50% of new U.S. accounts in 2021 were fraudulent, an increase of 109% from the previous year.
How does new account fraud work?
New account fraud starts with an account origination attack that aims to access a system, service, or online account owned by a legitimate user. In an account origination attack, the fraudster will collect data about their victim through a social engineering method or by getting information that has been exposed in a separate data breach. Then, the perpetrator will build a fake identity.
This fake or synthetic identity is then used to target a business to set up a new account and gain access to its services. The fraudster can make unauthorized transactions, apply for loans and lines of credit, or use their credentials to get deeper into company data.
New account fraud is somewhat similar to account takeover fraud, which also starts with identity theft or synthetic identity fraud. However, account takeover fraud requires first gaining control of a legitimate consumer’s account.
How to detect new account fraud
Detecting new account fraud requires the ability to recognize when a false or synthetic identity is being used to open a new account. Detecting this type of fraud can be challenging, as fake accounts often look just like real ones.
However, certain indicators can be used to monitor and spot new account fraud. Here are a few red flags to look for to detect new account fraud.
1. Unusual or inconsistent social security numbers
Social security numbers that appear newly issued or don’t match the information on the rest of the application are a big sign of new account fraud. For instance, if the individual is over 25 with an established SSN but has changed addresses within six months, it could be a fake account.
2. Inconsistent or suspicious addresses
Residential addresses listed as PO boxes or mail drop locations should raise suspicion. Moreover, a fraudster will often use their actual, legitimate address with a made-up user account to ensure that a victim doesn’t receive any notifications regarding identity theft.
3. Unusual account activity
Most fraudsters wait for 30 days to make a deposit or start by making small deposits and withdrawals to make the account seem normal. Scrutinize this window for all new accounts. Look for account activities like a large sum of money going in and suddenly moving out.
4. Activity occurring at strange times
Fraudsters know when your accounts are most vulnerable: weekends and holidays when there is less staff monitoring for fraudulent activity. Other key moments are right before a banking holiday. Fraudsters will make deposits on a Friday or Saturday to take advantage of the extra time to execute a withdrawal before a fraudulent check is processed.
5. Suspicious and inconsistent information
Look for suspicious email addresses, inconsistencies in account registration information, and deposits of fraudulent checks. Triangulate the user’s information with outside sources. If the data provided in an application doesn’t match other available details, it’s a sign that something is wrong.
Strategies for preventing new account fraud
Businesses can take steps to protect themselves from new account fraud by implementing strong Know Your Customer (KYC) identity verification procedures and using fraud detection tools. Here are some key strategies for preventing new account fraud.
1. Strengthen identity verification
Make it difficult for fraudsters to fake an identity with document verification and other ID checks. Ask users to upload copies of government-issued IDs or utility bills to verify their identity and address. Require a phone verification step too that sends a unique code to the user’s listed phone number during registration.
It’s also smart to use multi-factor authentication (MFA) that requires a user to submit multiple verification factors to log in to a website, device, or online account. Rather than simply logging on with a username and password, MFA asks for a password and a fingerprint, a facial scan, a one-time passcode, or all of the above.
2. Check IP addresses
IP address verification is an important confirmation of the identity behind an application, account, or transaction. Much can be inferred if the IP is new or if it is associated with problematic activity in the past. Flag suspicious activity from specific IP addresses or ranges known to be associated with fraud. Consider setting limits on the number of accounts that can be created from a single IP address or device within a certain timeframe.
3. Implement device fingerprinting
A device ID is a distinct identifier associated with a cell phone or handheld device, separate from its hardware serial number. Device fingerprinting enables continuous monitoring and analysis of user devices, detecting any suspicious activities or deviations from normal behavior. This strategy helps identify and flag suspicious activities by recognizing anomalies or inconsistencies in device behavior.
4. Create a formal KYC/AML strategy
A strong KYC / AML program is critical for all organizations, and mandated for some. Every business should formalize the four components of KYC regulations, including: 1) customer acceptance, 2) customer identification, 3) monitoring of transactions, and 4) risk management.
Use Fraud.net to lower the risk of new account fraud
Fraud.net is a leading solution for combatting new account fraud. Our platform offers a customizable, AI-driven toolkit that constantly updates and expands your business’ real-time risk scores, fraud detection, case management, and collective intelligence insights.
Fraud.net’s Application AI targets new account fraud and account takeover fraud. We use machine learning, anomaly detection, geolocation, and behavioral analyses to detect high-risk sessions on your site and prevent most fraudulent logins. Automated monitoring and alerts improve your defense, reduce the risk of a false positive impacting the user experience, and identify patterns efficiently.
To learn more about Application AI, schedule a demo with Fraud.net today.